CloudShark Support

Locking down access to specific update servers

Locking down access to specific update servers

CloudShark uses the Yum package manager under the hood for software updates and the various repositories it connects to are found in the files under /etc/yum.repos.d/. The updates to CloudShark itself come from the host lounge.cloudshark.org which is in the file /etc/yum.repos.d/cloudshark.repo. The NGINX webserver is also installed from nginx.org in the file /etc/yum.repos.d/nginx.repo.

CentOS, by default, uses a list of mirrors and picks one to pull its updates from and this might not always choose the same mirror. To disable this edit the file /etc/yum.repos.d/CentOS-Base.repo. In here are 5 sections each with a line that starts with mirrorlist. Put a # in front of all the lines starting with mirrorlist and remove the # from the lines that say #baseurl. That way Yum will always use http://mirror.centos.org; to pull down CentOS updates. Here is an example /etc/yum.repos.d/CentOS-Base.repo for file CentOS 6:

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib&infra=$infra
baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Then CloudShark just needs to access the following hosts to update CloudShark using cloudshark-admin --install-latest and the underlying OS by running yum update:

  • lounge.cloudshark.org
  • nginx.org
  • mirror.centos.org

Once the firewall has been configured the following commands can be run to verify that CloudShark can access all of the servers it needs to be able to update:

  • cloudshark-admin –info
  • yum clean all
  • yum makecache

These commands will not install any new software or updates but they will make sure CloudShark has access to all of the necessary hosts to update CloudShark and the underlying operating system.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: